zmtlsctl "redirect" mode still allowing non-SSL

Some time back, I followed "CLI zmtlsctl to set Web Server Mode" (Zimbra Wiki) to set my mode to "redirect". While doing some tcpdumping, I just happened to notice that this is apparently not happening in a few places, and non-SSL traffic is getting through. Specifically, if I go to:

I have Zimbra set to https only, with an Apache process performing the redirect. If you follow suit, note that you have to kill Apache when upgrading ZCS, otherwise the upgrade may detect a conflict on port 80 and abort. But to better handle DNS spoofing and local MITM threats, I'm negotiating with support folks to turn all such redirects off and insist that users start with https. It's the only way to be sure.
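
One way to check for what the first post describes, as an added example (not from either poster or from Zimbra): classify the responses a server gives on plaintext port 80, so that anything other than a redirect to https on the same host, or a refusal, stands out. The host name, paths and raw responses are constructed samples.

```python
from urllib.parse import urlsplit

HOST = "mail.example.com"  # constructed host name, not from the thread

# Constructed raw responses as they might be captured on port 80.
SAMPLES = {
    "/": b"HTTP/1.1 302 Found\r\nLocation: https://mail.example.com/\r\n\r\n",
    "/sample-a": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>hi</html>",
    "/sample-b": b"HTTP/1.1 302 Found\r\nLocation: http://mail.example.com/x\r\n\r\n",
    "/sample-c": b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n",
}

def classify_plain_http(raw, host):
    """Classify one raw response that arrived over plaintext HTTP."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        return "malformed"
    status = int(parts[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    if status in (301, 302, 303, 307, 308):
        target = urlsplit(headers.get("location", ""))
        # Only an absolute https:// URL on the same host counts as a clean redirect.
        if target.scheme == "https" and target.hostname == host:
            return "redirect-to-https"
        return "redirect-not-https"
    if status >= 400:
        return "refused"
    return "served-over-http"  # content answered without TLS

def findings(samples, host):
    """Return {path: verdict} for every path that is neither redirected nor refused."""
    ok = {"redirect-to-https", "refused"}
    verdicts = {p: classify_plain_http(r, host) for p, r in samples.items()}
    return {p: v for p, v in verdicts.items() if v not in ok}

if __name__ == "__main__":
    for path, verdict in sorted(findings(SAMPLES, HOST).items()):
        print(path, verdict)
```

A "redirect-to-https" verdict still means the first request travelled unencrypted, which is the concern the reply raises about redirects.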